Secure all endpoints behind auth

This commit is contained in:
2026-05-15 22:19:41 +02:00
parent cbc2526c14
commit e44d87f7be
5 changed files with 32 additions and 19 deletions


@@ -4,31 +4,31 @@ from typing import List
from ..model.models import UserResponse, UserCreate, UserDB, UserUpdate
from ..services.database import engine, get_session, add_and_refresh
from ..services.auth import get_password_hash, get_current_user
from ..services.auth import get_password_hash, get_current_user, auth_is_admin
user_router = APIRouter(tags=["Users"])
@user_router.post("/users/", response_model=UserResponse)
def create_user(*, db: Session = Depends(get_session), user: UserCreate):
def create_user(*, db: Session = Depends(get_session), user: UserCreate, admin: bool = Depends(auth_is_admin)):
print("creating user with data ", user)
hashed_password = {"passwordhash": get_password_hash(user.password)}
db_user = UserDB.model_validate(user, update=hashed_password)
return add_and_refresh(db, db_user)
@user_router.get("/users/", response_model=List[UserResponse])
def read_users(*, db: Session = Depends(get_session)):
def read_users(*, db: Session = Depends(get_session), admin: bool = Depends(auth_is_admin)):
users = db.exec(select(UserDB)).all()
return users
@user_router.get("/users/{user_id}", response_model=UserResponse)
def read_user(*, db: Session = Depends(get_session), user_id: int):
def read_user(*, db: Session = Depends(get_session), user_id: int, admin: bool = Depends(auth_is_admin)):
db_user = db.get(UserDB, user_id)
if db_user is None:
raise HTTPException(status_code=404, detail="User not found")
return db_user
@user_router.patch("/users/{user_id}", response_model=UserResponse)
def update_user(*, db: Session = Depends(get_session), user_id: int, user: UserUpdate):
def update_user(*, db: Session = Depends(get_session), user_id: int, user: UserUpdate, admin: bool = Depends(auth_is_admin)):
db_user = db.get(UserDB, user_id)
if db_user is None:
raise HTTPException(status_code=404, detail="User not found")
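Review bot: The `admin: bool = Depends(auth_is_admin)` parameter added to create_user, read_users, read_user and update_user (and to delete_user in the next hunk) is never read in any handler body, so these endpoints are actually gated only if auth_is_admin raises for a non-admin caller; the `bool` annotation suggests it may instead return False, in which case the check is silently a no-op and every endpoint remains reachable by any authenticated user. Since services/auth is not in this diff I cannot confirm which it is; either have auth_is_admin raise `HTTPException(status_code=403)` itself and drop the unused parameter, or enforce the result at the top of each handler with `if not admin:` / `raise HTTPException(status_code=403, detail="Admin privileges required")`. Separately, the retained `print("creating user with data ", user)` in create_user writes the whole UserCreate object, which carries the plaintext `user.password` used on the next line, to stdout; logging only non-secret fields (e.g. the username) would avoid leaking credentials into process logs. update_user's body continues outside this hunk.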
@@ -41,7 +41,7 @@ def update_user(*, db: Session = Depends(get_session), user_id: int, user: UserU
return add_and_refresh(db, db_user)
@user_router.delete("/users/{user_id}")
def delete_user(*, db: Session = Depends(get_session), user_id: int):
def delete_user(*, db: Session = Depends(get_session), user_id: int, admin: bool = Depends(auth_is_admin)):
db_user = db.get(UserDB, user_id)
if db_user is None:
raise HTTPException(status_code=404, detail="User not found")